From: Tom Yu Date: Tue, 14 Apr 2009 21:07:26 +0000 (+0000) Subject: pull up r22173 from trunk X-Git-Tag: krb5-1.7-beta1~45 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a0ff28e4ba284d391a2a7e52c35fc8803d8261c6;p=krb5.git pull up r22173 from trunk ------------------------------------------------------------------------ r22173 | tlyu | 2009-04-07 17:22:13 -0400 (Tue, 07 Apr 2009) | 4 lines Changed paths: M /trunk/src/lib/gssapi/spnego/spnego_mech.c ticket: 6417 Apply revised patch from Apple that ensures that a REJECT token is sent on error. ticket: 6417 version_fixed: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22222 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 9b8a46e11..c20f8703d 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -1650,8 +1650,7 @@ spnego_gss_accept_sec_context( &negState, &return_token); } cleanup: - if (return_token == INIT_TOKEN_SEND || - return_token == CONT_TOKEN_SEND) { + if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) { /* For acceptor-sends-first send a tokenInit */ int tmpret; @@ -1666,7 +1665,8 @@ cleanup: return_token, output_token); } else { - tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech, + tmpret = make_spnego_tokenTarg_msg(negState, + sc ? sc->internal_mech : GSS_C_NO_OID, &mechtok_out, mic_out, return_token, output_token); @@ -3025,6 +3025,8 @@ make_spnego_tokenTarg_msg(OM_uint32 status, gss_OID mech_wanted, if (outbuf == GSS_C_NO_BUFFER) return (GSS_S_DEFECTIVE_TOKEN); + if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID) + return (GSS_S_DEFECTIVE_TOKEN); outbuf->length = 0; outbuf->value = NULL;